Unfortunately 2FA with phone or email is pretty awful security, as sim swaps are pretty rampant. You CAN lock your sim with a pin, and it is a good idea to in general, but usually, app based solutions are a step up, or I do see that Twitter offers hardware security keys as an option, which is even better). Glad it wasn't something higher sensitivity, but I know that Twitter's still pretty imperative on the tradfi side of things, so sorry to hear about your situation. Very telling what sort of outfit they're running that even a verified profile is being given this sort of treatment, not that its news to anyone here.